I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-NET-000042
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to retain the Standard Mandatory DOD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
The banner must be acknowledged by the user prior to allowing the user access to the network. This provides assurance that the user has seen the message and accepted the conditions for access. If t...Rule Medium Severity -
SRG-NET-000048
Group -
The Enterprise Voice, Video, and Messaging Endpoint must notify the user, upon successful logon (access) to the network element, of the date and time of the last logon (access).
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the date and time of their last successful login allows the user to determine if a...Rule Medium Severity -
SRG-NET-000049
Group -
The Enterprise Voice, Video, and Messaging Endpoint must notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access).
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allow...Rule Medium Severity -
SRG-NET-000053
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to limit the number of concurrent sessions to an organizationally defined number.
Enterprise Voice, Video, and Messaging Endpoint management includes the ability to control the number of user sessions and limiting the number of allowed user sessions helps limit risk related to D...Rule Medium Severity -
SRG-NET-000074
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing what type of connection occurred.
Session records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing session records and instead rely ...Rule Medium Severity -
SRG-NET-000075
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing when (date and time) the connection occurred.
Session records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing session records and instead rely ...Rule Medium Severity -
SRG-NET-000076
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing where the connection occurred.
Session records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing session records and instead rely ...Rule Medium Severity -
SRG-NET-000077
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the source of the connection.
Session records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing session records and instead rely ...Rule Medium Severity -
SRG-NET-000078
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the outcome of the connection.
Session records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing session records and instead rely ...Rule Medium Severity -
SRG-NET-000079
Group -
The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the identity of all users.
Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.